27.2.14 Lab Isolate Compromised Host Using 5 Tuple - PanamaP/KEST3CO05DU GitHub Wiki

What kind of transactions occurred between the client and the server in this attack?

Hann fékk root access, breytti siðan /shadow og /passwd

What did you observe? What do the text colors red and blue indicate?

rauði er client og blái er server

The attacker issues the whoami command on the target. What does this show about the attacker role on the target computer?

Að hann sé með root access

Let's filter for bro_ftp. Hover over the empty space next to the count of bro_ftp data types. Select + to filter for only FTP related traffic as shown in the figure.

Það koma engar niðurstöður þegar ég breyti með þessum filter..